Vulnerability Name: | CVE-2007-3503 (CCN-35168)
Assigned: | 2007-06-28
Published: | 2007-06-28
Updated: | 2018-10-26
Summary: | The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: | CWE-79
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2007-3503
Source: BEA Type: Third Party Advisory BEA07-177.00
Source: CCN Type: Apple Web site About the security content of Java Release 6 for Mac OS X 10.4
Source: MISC Type: Third Party Advisory http://docs.info.apple.com/article.html?artnum=307177
Source: APPLE Type: Mailing List, Third Party Advisory APPLE-SA-2007-12-14
Source: OSVDB Type: Broken Link 36488
Source: CCN Type: RHSA-2007-0818 Critical: java-1.5.0-sun security update
Source: CCN Type: RHSA-2007-0829 Critical: java-1.5.0-ibm security update
Source: CCN Type: RHSA-2007-0956 Moderate: java-1.5.0-bea security update
Source: CCN Type: SA25769 Sun JDK JavaDoc Cross-Site Scripting Vulnerability
Source: SECUNIA Type: Third Party Advisory 25769
Source: SECUNIA Type: Third Party Advisory 26314
Source: SECUNIA Type: Third Party Advisory 26369
Source: CCN Type: SA26631 BEA JRockit Multiple Vulnerabilities
Source: SECUNIA Type: Third Party Advisory 26631
Source: SECUNIA Type: Third Party Advisory 26645
Source: SECUNIA Type: Third Party Advisory 26933
Source: SECUNIA Type: Third Party Advisory 27203
Source: CCN Type: SA28115 Mac OS X Java Multiple Vulnerabilities
Source: SECUNIA Type: Third Party Advisory 28115
Source: CCN Type: SECTRACK ID: 1018327 Sun JavaDoc Input Validation Hole Permits Cross-Site Scripting Attacks
Source: CCN Type: Sun Alert ID: 102958 Cross-site Scripting Vulnerability (XSS) Affecting Pages Generated with JavaDoc Tool
Source: SUNALERT Type: Broken Link 102958
Source: CCN Type: ASA-2007-335 Cross-site Scripting Vulnerability (XSS) Affecting Pages Generated with JavaDoc Tool (Sun 102958)
Source: CCN Type: ASA-2007-336 java-1.5.0-sun security update (RHSA-2007-0818)
Source: CCN Type: ASA-2007-343 java-1.5.0-ibm security update (RHSA-2007-0829)
Source: CCN Type: ASA-2007-465 java-1.5.0-bea security update (RHSA-2007-0956)
Source: CCN Type: GLSA-200709-15 BEA JRockit: Multiple vulnerabilities
Source: GENTOO Type: Third Party Advisory GLSA-200709-15
Source: CCN Type: OSVDB ID: 36488 Sun Java JDK JavaDoc HTML Documentation Page XSS
Source: REDHAT Type: Third Party Advisory RHSA-2007:0818
Source: REDHAT Type: Third Party Advisory RHSA-2007:0829
Source: REDHAT Type: Third Party Advisory RHSA-2007:0956
Source: BID Type: Third Party Advisory, VDB Entry 24690
Source: CCN Type: BID-24690 Sun JavaDoc Tool Cross-Site Scripting Vulnerability
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1018327
Source: VUPEN Type: Third Party Advisory ADV-2007-2383
Source: VUPEN Type: Third Party Advisory ADV-2007-3009
Source: VUPEN Type: Third Party Advisory ADV-2007-4224
Source: XF Type: Third Party Advisory, VDB Entry sun-jdk-javadoc-xss(35168)
Source: XF Type: UNKNOWN sun-jdk-javadoc-xss(35168)
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:10704
Source: CCN Type: BEA07-177.00 Multiple Security Vulnerabilities in the Java Runtime Environment
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration CCN 1: Denotes that component is vulnerable